ARTEMIS-1853 Adding Netty OpenSSL provider example Added an example to demonstrate how to configure and use openssl Moved/Added netty-tcnative dependency to artemis-distribution Changed artemis-jms-client-all pom to exclude io.netty from relocation so that the native openssl can be loaded
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/7c53855c Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/7c53855c Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/7c53855c Branch: refs/heads/2.6.x Commit: 7c53855c11e15a856e4df7cb4cb494eb636ca203 Parents: d6d6851 Author: Howard Gao <[email protected]> Authored: Wed May 23 22:34:01 2018 +0800 Committer: Clebert Suconic <[email protected]> Committed: Wed May 23 15:47:10 2018 -0400 ---------------------------------------------------------------------- artemis-core-client/pom.xml | 5 + artemis-distribution/src/main/assembly/dep.xml | 1 + artemis-jms-client-all/pom.xml | 4 - .../features/standard/netty-openssl/pom.xml | 124 +++++++++++++++++++ .../features/standard/netty-openssl/readme.md | 17 +++ .../artemis/jms/example/OpenSSLExample.java | 85 +++++++++++++ .../activemq/server0/activemq.example.keystore | Bin 0 -> 707 bytes .../server0/activemq.example.truststore | Bin 0 -> 572 bytes .../main/resources/activemq/server0/broker.xml | 60 +++++++++ .../src/main/resources/jndi.properties | 20 +++ pom.xml | 7 ++ tests/integration-tests/pom.xml | 6 - 12 files changed, 319 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-core-client/pom.xml ---------------------------------------------------------------------- diff --git a/artemis-core-client/pom.xml b/artemis-core-client/pom.xml index 47b72e2..092b8c3 100644 --- a/artemis-core-client/pom.xml +++ b/artemis-core-client/pom.xml 
@@ -118,6 +118,11 @@ <groupId>io.netty</groupId> <artifactId>netty-common</artifactId> </dependency> + <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-tcnative-boringssl-static</artifactId> + </dependency> + </dependencies> <profiles> http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-distribution/src/main/assembly/dep.xml ---------------------------------------------------------------------- diff --git a/artemis-distribution/src/main/assembly/dep.xml b/artemis-distribution/src/main/assembly/dep.xml index 0987425..2f6999a 100644 --- a/artemis-distribution/src/main/assembly/dep.xml +++ b/artemis-distribution/src/main/assembly/dep.xml @@ -81,6 +81,7 @@ <include>org.jboss.logging:jboss-logging</include> <include>org.jboss.slf4j:slf4j-jboss-logmanager</include> <include>io.netty:netty-all</include> + <include>io.netty:netty-tcnative-boringssl-static</include> <include>org.apache.qpid:proton-j</include> <include>org.apache.activemq:activemq-client</include> <include>org.slf4j:slf4j-api</include> http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/artemis-jms-client-all/pom.xml ---------------------------------------------------------------------- diff --git a/artemis-jms-client-all/pom.xml b/artemis-jms-client-all/pom.xml index 653ed31..0c6fa45 100644 --- a/artemis-jms-client-all/pom.xml +++ b/artemis-jms-client-all/pom.xml @@ -117,10 +117,6 @@ <shadedPattern>org.apache.activemq.artemis.shaded.org.apache.commons</shadedPattern> </relocation> <relocation> - <pattern>io.netty</pattern> - <shadedPattern>org.apache.activemq.artemis.shaded.io.netty</shadedPattern> - </relocation> - <relocation> <pattern>org.jboss</pattern> <shadedPattern>org.apache.activemq.artemis.shaded.org.jboss</shadedPattern> </relocation> http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/pom.xml ---------------------------------------------------------------------- 
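Review bot: In artemis-core-client/pom.xml the new `netty-tcnative-boringssl-static` dependency is declared at default scope, so every project that depends on the core client inherits the bundled native BoringSSL library transitively, even when its connectors keep the JDK TLS provider. Because the artifact statically links the TLS implementation, fixes to it only arrive by raising `netty.tcnative.version` in the root pom. A comment beside the dependency would record that, for example `<!-- bundles native BoringSSL; used only when sslProvider=OPENSSL; keep netty.tcnative.version patched -->`. If transitive exposure is not intended, `<optional>true</optional>` here plus an explicit declaration in artemis-jms-client-all may be an option, though whether the shaded jar still picks it up would need checking. The enclosing `<dependencies>` element starts outside the hunk.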
diff --git a/examples/features/standard/netty-openssl/pom.xml b/examples/features/standard/netty-openssl/pom.xml
new file mode 100644
index 0000000..5f61a20
--- /dev/null
+++ b/examples/features/standard/netty-openssl/pom.xml
@@ -0,0 +1,124 @@
+<?xml version='1.0'?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.activemq.examples.broker</groupId>
+ <artifactId>jms-examples</artifactId>
+ <version>2.7.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>netty-openssl</artifactId>
+ <packaging>jar</packaging>
+ <name>ActiveMQ Artemis JMS Netty OpenSSL Example</name>
+
+ <properties>
+ <activemq.basedir>${project.basedir}/../../../..</activemq.basedir>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.activemq</groupId>
+ <artifactId>artemis-jms-client-all</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.activemq</groupId>
+ <artifactId>artemis-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>create</id>
+ <goals>
+ <goal>create</goal>
+ </goals>
+ <configuration>
+ <ignore>${noServer}</ignore>
+ </configuration>
+ </execution>
+ <execution>
+ <id>start</id>
+ <goals>
+ <goal>cli</goal>
+ </goals>
+ <configuration>
+ <ignore>${noServer}</ignore>
+ <spawn>true</spawn>
+ <testURI>tcp://localhost:61616</testURI>
+ <args>
+ <param>run</param>
+ </args>
+ </configuration>
+ </execution>
+ <execution>
+ <id>runClient</id>
+ <goals>
+ <goal>runClient</goal>
+ </goals>
+ <configuration>
+ <clientClass>org.apache.activemq.artemis.jms.example.OpenSSLExample</clientClass>
+ </configuration>
+ </execution>
+ <execution>
+ <id>stop</id>
+ <goals>
+ <goal>cli</goal>
+ </goals>
+ <configuration>
+ <ignore>${noServer}</ignore>
+ <args>
+ <param>stop</param>
+ </args>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.activemq.examples.broker</groupId>
+ <artifactId>netty-openssl</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-clean-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+ <profiles>
+ <profile>
+ <id>release</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>com.vladsch.flexmark</groupId>
+ <artifactId>markdown-page-generator-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+</project>
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/readme.md
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/readme.md b/examples/features/standard/netty-openssl/readme.md
new file mode 100644
index 0000000..2ccb693
--- /dev/null
+++ b/examples/features/standard/netty-openssl/readme.md
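Review bot: The new examples/features/standard/netty-openssl/pom.xml names `jms-examples` as its parent, but the diffstat lists no change to examples/features/standard/pom.xml, so the module is presumably missing from that aggregator's `<modules>` list and would not be built or run with the other examples. Adding `<module>netty-openssl</module>` there (in each profile that lists the standard examples, if that is how the file is organised) would keep the OpenSSL path exercised by the examples build. Separately, the parent `<version>2.7.0-SNAPSHOT</version>` should be checked against the version actually used on the 2.6.x branch named in the commit record.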
@@ -0,0 +1,17 @@
+# JMS OpenSSL Example
+
+To run the example, simply type **mvn verify** from this directory, or **mvn -PnoServer verify** if you want to start and create the broker manually.
+
+This example shows you how to configure Netty OpenSSL with ActiveMQ Artemis to send and receive message.
+
+Using SSL can make your messaging applications interact with ActiveMQ Artemis securely. An application can be secured transparently without extra coding effort.
+Beside using JDK's implementation, Artemis also supports using native OpenSSL provided by Netty.
+To secure your messaging application with Netty's OpenSSL, you need to configure connector and acceptor as follows:
+
+ <acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
+
+In the configuration, the `activemq.example.keystore` is the key store file holding the server's certificate. The `activemq.example.truststore` is the file holding the certificates which the client trusts (i.e. the server's certificate exported from activemq.example.keystore). They are generated via the following commands:
+
+* `keytool -genkey -keystore activemq.example.keystore -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA
+* `keytool -export -keystore activemq.example.keystore -file activemq-jks.cer -storepass secureexample
+* `keytool -import -keystore activemq.example.truststore -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java b/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java
new file mode 100644
index 0000000..0aaa1ba
--- /dev/null
+++ b/examples/features/standard/netty-openssl/src/main/java/org/apache/activemq/artemis/jms/example/OpenSSLExample.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.jms.example;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+import javax.naming.InitialContext;
+
+/**
+ * A simple JMS Queue example that uses netty's OpenSSL secure transport.
+ */
+public class OpenSSLExample {
+
+ public static void main(final String[] args) throws Exception {
+ Connection connection = null;
+ InitialContext initialContext = null;
+ try {
+ // Step 1. Create an initial context to perform the JNDI lookup.
+ initialContext = new InitialContext();
+
+ // Step 2. Perfom a lookup on the queue
+ Queue queue = (Queue) initialContext.lookup("queue/exampleQueue");
+
+ // Step 3. Perform a lookup on the Connection Factory
+ ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
+
+ // Step 4.Create a JMS Connection
+ connection = cf.createConnection();
+
+ // Step 5. Create a JMS Session
+ Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+ // Step 6. Create a JMS Message Producer
+ MessageProducer producer = session.createProducer(queue);
+
+ // Step 7. Create a Text Message
+ TextMessage message = session.createTextMessage("This is a text message");
+
+ System.out.println("Sent message: " + message.getText());
+
+ // Step 8. Send the Message
+ producer.send(message);
+
+ // Step 9. Create a JMS Message Consumer
+ MessageConsumer messageConsumer = session.createConsumer(queue);
+
+ // Step 10. Start the Connection
+ connection.start();
+
+ // Step 11. Receive the message
+ TextMessage messageReceived = (TextMessage) messageConsumer.receive(5000);
+
+ System.out.println("Received message: " + messageReceived.getText());
+
+ initialContext.close();
+ } finally {
+ // Step 12. Be sure to close our JMS resources!
+ if (initialContext != null) {
+ initialContext.close();
+ }
+ if (connection != null) {
+ connection.close();
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore
new file mode 100644
index 0000000..0a26208
Binary files /dev/null and b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.keystore differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore
----------------------------------------------------------------------
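Review bot: In OpenSSLExample.java, `messageConsumer.receive(5000)` returns null when nothing arrives within the timeout, and the next statement calls `messageReceived.getText()` unconditionally, so a delivery problem over the TLS acceptor surfaces as a NullPointerException rather than a readable failure. A guard before the println, such as `if (messageReceived == null) { throw new IllegalStateException("No message received within 5000 ms"); }`, would make the example fail legibly. The `initialContext.close();` at the end of the try block is also redundant, because the finally block closes the context again.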
diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore
new file mode 100644
index 0000000..3ef44dc
Binary files /dev/null and b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/activemq.example.truststore differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml
new file mode 100644
index 0000000..87d0147
--- /dev/null
+++ b/examples/features/standard/netty-openssl/src/main/resources/activemq/server0/broker.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
+ <core xmlns="urn:activemq:core">
+
+ <bindings-directory>./data/messaging/bindings</bindings-directory>
+
+ <journal-directory>./data/messaging/journal</journal-directory>
+
+ <large-messages-directory>./data/messaging/largemessages</large-messages-directory>
+
+ <paging-directory>./data/messaging/paging</paging-directory>
+
+ <!-- Acceptors -->
+ <acceptors>
+ <!-- keystores will be found automatically if they are on the classpath -->
+ <acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
+ <acceptor name="netty-tcp">tcp://localhost:61616</acceptor>
+ </acceptors>
+
+ <!-- Other config -->
+
+ <security-settings>
+ <!--security for example queue-->
+ <security-setting match="exampleQueue">
+ <permission roles="guest" type="createDurableQueue"/>
+ <permission roles="guest" type="deleteDurableQueue"/>
+ <permission roles="guest" type="createNonDurableQueue"/>
+ <permission roles="guest" type="deleteNonDurableQueue"/>
+ <permission roles="guest" type="consume"/>
+ <permission roles="guest" type="send"/>
+ </security-setting>
+ </security-settings>
+
+ <addresses>
+ <address name="exampleQueue">
+ <anycast>
+ <queue name="exampleQueue"/>
+ </anycast>
+ </address>
+ </addresses>
+ </core>
+</configuration>
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/examples/features/standard/netty-openssl/src/main/resources/jndi.properties
----------------------------------------------------------------------
diff --git a/examples/features/standard/netty-openssl/src/main/resources/jndi.properties b/examples/features/standard/netty-openssl/src/main/resources/jndi.properties
new file mode 100644
index 0000000..2358666
--- /dev/null
+++ b/examples/features/standard/netty-openssl/src/main/resources/jndi.properties
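Review bot: The `netty-ssl-acceptor` URL in broker.xml carries `keyStorePassword=secureexample` in clear text and sets neither `enabledProtocols` nor `enabledCipherSuites`, while the plain `netty-tcp` acceptor on 61616 stays open beside it. Anyone copying this file gets a broker where TLS is optional and the key store secret is a published value. The plain acceptor appears to be needed here only because the example pom's `<testURI>` probes `tcp://localhost:61616`. A comment above `<acceptors>` would make the demo-only status explicit, for example `<!-- example only: the key store and its password are published test material; generate your own, mask the password, and drop netty-tcp if clients must use TLS -->`. Whether masked passwords are accepted inside an acceptor URL on this branch should be confirmed before the comment recommends it.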
@@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory +connectionFactory.ConnectionFactory=tcp://localhost:5500?sslEnabled=true&sslProvider=OPENSSL&trustStorePath=activemq/server0/activemq.example.truststore&trustStorePassword=secureexample +queue.queue/exampleQueue=exampleQueue http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 7249c2d..8c50610 100644 --- a/pom.xml +++ b/pom.xml @@ -92,6 +92,7 @@ <maven.assembly.plugin.version>2.4</maven.assembly.plugin.version> <mockito.version>2.8.47</mockito.version> <netty.version>4.1.24.Final</netty.version> + <netty.tcnative.version>2.0.7.Final</netty.tcnative.version> <proton.version>0.27.1</proton.version> <resteasy.version>3.0.19.Final</resteasy.version> <slf4j.version>1.7.21</slf4j.version> 
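Review bot: The `connectionFactory.ConnectionFactory` URL in jndi.properties enables TLS and a trust store but does not set `verifyHost`. If the connector default on this branch leaves host name checking off, the client will accept any certificate that chains to the trust store, regardless of the name it was issued for. The example certificate is generated with `CN=localhost` and the URL targets `localhost`, so appending `&verifyHost=true` should work unchanged and would show the safer setting; this needs a run with `sslProvider=OPENSSL` to confirm. The trust store password is also in clear text, so a line such as `# example-only trust store and password; replace both outside this demo` above the entry would help.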
@@ -541,6 +542,12 @@ <!-- License: Apache 2.0 --> </dependency> <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-tcnative-boringssl-static</artifactId> + <version>${netty.tcnative.version}</version> + <!-- License: Apache 2.0 --> + </dependency> + <dependency> <groupId>org.apache.qpid</groupId> <artifactId>proton-j</artifactId> <version>${proton.version}</version> http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/7c53855c/tests/integration-tests/pom.xml ---------------------------------------------------------------------- diff --git a/tests/integration-tests/pom.xml b/tests/integration-tests/pom.xml index ad27864..d1c2b33 100644 --- a/tests/integration-tests/pom.xml +++ b/tests/integration-tests/pom.xml @@ -397,12 +397,6 @@ <artifactId>jgroups</artifactId> </dependency> - <!-- openSSL test --> - <dependency> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative-boringssl-static</artifactId> - <version>2.0.7.Final</version> - </dependency> </dependencies> <build>
